Similar to antivirus products which use malware definitions to block threats, IDPS solutions use attack signatures to detect network intrusion attempts.

It's been known for a long time that signature-based implementations can be defeated by determined attackers; that's the reason why modern antivirus products provide multiple layers of protection.

However, intrusion prevention systems are less flexible and cannot compensate for detection evasion as easily as anti-malware solutions. In fact, Stonesoft claims that many vendors haven't even addressed the AETs its researchers identified last year.

"Network security vendors have now had more than a year to provide their customers protection against AETs, but unfortunately we still have not seen much success in this area," Stonesoft's founder and CEO, Ilkka Hiidenheimo, said.

"Very few vendors have truly understood the magnitude of the problem, while some are struggling to provide some kind of protection. Most of the vendors who acknowledge the problem are incapable of building a working solution -- instead, they are keeping themselves busy doing temporary and inflexible fixes. The rest just ignore the issue and do nothing," he added.

A basic detection evasion technique is to modify an attack to work over a different protocol or to implement it using a different programming language. Most IDPS products are smart enough to catch onto such rudimentary attempts; however, Stonesoft's AETs combine multiple techniques into new attack vectors that look completely unknown to existing solutions.

The company submitted its new set of AET samples to the Finnish national computer security incident response team (CERT-FI) in order to coordinate patching processes with the affected vendors. Whether this effort will have better results than last year's remains to be seen.

However, it's worth keeping in mind that AETs are about delivering payloads and nothing stops the payload itself from being blocked by a security solution running at the system level.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.